Tag Archives: National Security

Official Government Response to “Repeal the new Surveillance Laws (Investigatory Powers Act)” Petition

Dear Graham Penrose,

The Government has responded to the petition you signed – “Repeal the new Surveillance laws (Investigatory Powers Act)”.

Government responded:

The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers. It protects both privacy and security and underwent unprecedented scrutiny before becoming law.

The Government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe.

The Investigatory Powers Act transforms the law relating to the use and oversight of Investigatory powers. It strengthens safeguards and introduces world-leading oversight arrangements.

The Act does three key things. First, it brings together powers already available to law enforcement and the security and intelligence agencies to obtain communications and data about communications. It makes these powers – and the safeguards that apply to them – clear and understandable.

Second, it radically overhauls the way these powers are authorised and overseen. It introduces a ‘double-lock’ for the most intrusive powers, including interception and all of the bulk capabilities, so warrants require the approval of a Judicial Commissioner. And it creates a powerful new Investigatory Powers Commissioner to oversee how these powers are used.

Third, it ensures powers are fit for the digital age. The Act makes a single new provision for the retention of internet connection records in order for law enforcement to identify the communications service to which a device has connected. This will restore capabilities that have been lost as a result of changes in the way people communicate.

Public scrutiny

The Bill was subject to unprecedented scrutiny prior to and during its passage.

The Bill responded to three independent reports: by David Anderson QC, the Independent Reviewer of Terrorism Legislation; by the Royal United Services Institute’s Independent Surveillance Review Panel; and by the Intelligence and Security Committee of Parliament. All three of those authoritative independent reports agreed a new law was needed.

The Government responded to the recommendations of those reports in the form of a draft Bill, published in November 2015. That draft Bill was submitted for pre-legislative scrutiny by a Joint Committee of both Houses of Parliament. The Intelligence and Security Committee and the House of Commons Science and Technology Committee conducted parallel scrutiny. Between them, those Committees received over 1,500 pages of written submissions and heard oral evidence from the Government, industry, civil liberties groups and many others. The recommendations made by those Committees informed changes to the Bill and the publication of further supporting material.

A revised Bill was introduced in the House of Commons on 1 March, and completed its passage on 16 November, meeting the timetable for legislation set by Parliament during the passage of the Data Retention and Investigatory Powers Act 2014. Over 1,700 amendments to the Bill were tabled and debated during this time.

The Government has adopted an open and consultative approach throughout the passage of this legislation, tabling or accepting a significant number of amendments in both Houses of Parliament in order to improve transparency and strengthen privacy protections. These included enhanced protections for trade unions and journalistic and legally privileged material, and the introduction of a threshold to ensure internet connection records cannot be used to investigate minor crimes.

Privacy and Oversight

The Government has placed privacy at the heart of the Investigatory Powers Act. The Act makes clear the extent to which investigatory powers may be used and the strict safeguards that apply in order to maintain privacy.

A new overarching ‘privacy clause’ was added to make absolutely clear that the protection of privacy is at the heart of this legislation. This privacy clause ensures that in each and every case a public authority must consider whether less intrusive means could be used, and must have regard to human rights and the particular sensitivity of certain information. The powers can only be exercised when it is necessary and proportionate to do so, and the Act includes tough sanctions – including the creation of new criminal offences – for those misusing the powers.
The safeguards in this Act reflect the UK’s international reputation for protecting human rights. The unprecedented transparency and the new safeguards – including the ‘double lock’ for the most sensitive powers – set an international benchmark for how the law can protect both privacy and security.

Home Office

Click this link to view the response online:

https://petition.parliament.uk/petitions/173199?reveal_response=yes

This petition has over 100,000 signatures. The Petitions Committee will consider it for a debate. They can also gather further evidence and press the government for action.

The Committee is made up of 11 MPs, from political parties in government and in opposition. It is entirely independent of the Government. Find out more about the Committee: https://petition.parliament.uk/help#petitions-committee

Thanks,
The Petitions Team
UK Government and Parliament

State Surveillance in Ireland Part 3: Surveillance Powers & “Authorisation” Processes

Under the 1993 & 2009 legislation governing surveillance‍ powers in the Republic of Ireland there are wide ranging number of measures available to the relevant sections within An Garda Siochana, The Defence Forces and The Office of the Revenue Commissioners.

This post does not cover the measures available in the 2011 Communications (Retention of Data) Actwhich will be covered in a separate post.

To greatly summarise, under the 1993 and 2009 Acts the various organs of State can:

  1. Place phone taps on fixed line communications;
  2. Eavesdrop fixed line communications;
  3. Carry out unrestricted interception of postal correspondence;
  4. Open and read said correspondence;
  5. Place trackers on postal parcels;
  6. Siphon (Man in the Middle Attacks) and read email communications;
  7. Monitor and record internet usage;
  8. Conduct audio and video surveillance;
  9. Store captured audio and video footage, gained from covert surveillance, for an unrestricted period of time;
  10. Covertly enter a private dwelling or vehicle and install a range of devices to facilitate the above activities;
  11. Covertly re-enter a private dwelling or vehicle to retrieve said devices;
  12. Covertly place tracking devices on any vehicle that it is felt is connected with an investigation;
  13. Track all movements of said vehicles within and outside the jurisdiction of the Republic of Ireland;

In order to carry out covert surveillance there are several short cuts available to An Garda Siochana, The Defence Forces and The Office of the Revenue Commissioners to circumvent involving a judge or higher external legal entity outside of the particular organisation seeking permission to perform the surveillance on a person or persons.

It really does not matter though as there is an almost 100% approval rate for surveillance requests whether granted by the famous “Superior Officer” or a Judge. “Superior Officers” can grant surveillance periods of 3 to 4 months depending on which Act is being invoked and all are capable of being granted extensions.

Many surveillance requests are granted in “emergency” situations which does not require external permission and while the Acts themselves cover a range of surveillance methods there are a host of other surveillance tactics that are not governed by the Acts and are carried out with little if any oversight and certainly no transparency with respect to process.

As far as disclosure is concerned – all attempts to gather statistics or specifics are met with a wall of silence or derisory replies.

END

Hijacked Jihadi Forum “Asrar Al­Ghurabaa’“ – Offense & Exploitation

In late 2013, following on from the general panic surrounding the reliability of previously trusted technologies – as a direct result of the revelations made by snowden‍ and greenwald‍ – ISIS‍ “declared” that they had launched a new encryption‍ service called Asrar Al­ Ghurabaa’.

It was described as being the first website for secure communications. A forum used by jihadists calledShabakat Al Iraq Wal Sham announced the launch. The announcement declared that the new resourcefor jihadis would be a rival to Asrar AlMujahideen (Mujahedeensecrets which was launched circa 2007).

The new service was an NSA‍ front and was to be found at asrar006.com. It allowed the input of text which was then encrypted‍ or decrypted‍ , as required. Simply put, rather like the google translate service it applied the required encryption keys to inputted text strings resulting in a “translation”.

It did not allow for message transmission but was more “accurate, secure, and user friendly than Asrar Al­Mujahideen” according to the statement. The service required no software downloads or installations and therefore removed several points of potential risk associated with the Asrar Al­Mujahideen alternative. No code could be injected, files infected and so on.

Within a couple of days the Global Islamic Media Front (GIMF‍ ) denounced the new encryption platform in a statement “Warning About the Use of the Program ‘Asrār al-Ghurabā” stating:

“We warn all the brothers using the new encryption program called “Asrar al-Ghurabaa” – the program is suspicious and its source is not trusted. Likewise, we confirm that there wasn’t any relationship between the program “Asrar al-Ghurabaa” and the Front’s encryption program “Asrar al-Mujahdeen”, and therefore, we advise and warn the brothers not to use the program “Asrar al-Ghurabaa” entirely!

We also warn of using any encryption program which hasn’t been published through the Global Islamic Media Front or Al-Fajr Center for Media. And lastly, we remind that the sole source to download all of the technical programs for the Media Front: Mobile Encryption Program Asrar al-Dardashah Plugin Asrar al-Mujahideen Program”

END

Overwatch – The Five Eyes Espionage Alliance

The “Five Eyes” (FVEY‍) is an intel‍ alliance that unifies elements of the national alphabet agencies of theunited Kingdom, the United States, Australia, canada and New Zealand and their intel gathering infrastructures.

The AA’s in each member country and the terms of their information exchange mandate is encapsulated in the multilateral‍ agreement called the “UKUSA Agreement”.

The origins of the FVEY can be traced to the closing months of World War II when the Atlantic Charter was issued by the Allies to lay out their “goals” for a post-war world.

Signals Intelligence (SIGINT)

The espionagealliance‍ was conceived in order to deliver trans- jurisdictionalcoordination‍ andcooperation‍ for signals intelligence (SIGINT‍) but has expanded into many other areas especially in the last 20 years and most aggressively since the beginning of the vaguely defined parameters of the ” War‍ on Terror‍ “.

Not just a reactive program it is specifically proactive. The FVEY can count in many thousands theirdeployment of various rootkit‍ hacks, backdoors‍ , trojans‍ , worms‍ , spyware‍ , malware‍ , keystroke logging, PGP private key reversal and voice comms undermining projects. It has an eye watering arsenal of BH tactics‍ at its disposal. Take a peak at a tiny subset of them here .

GEMALTO & Public Scrutiny

But probably their most effective hack was undermining the integrity of sim card encryption after the highly successful (for them) Gemalto hack.

No citizen based protests or national laws or international regulations or Privacy advocates or leaks or “net neutrality” activists or whistleblowers will ever affect the activities of the Five Eyes.

It is and will remain the most pervasive, extensive, expansive and secretive (independent and to the large part unregulated) espionage alliance in history.

The ECHELON Program

During the course of the Cold War, the ECHELONsurveillance‍ system was initially developed by the FVEY to monitor the communications of the USSR‍ and European countries on the wrong side of the Iron Curtain.

The FVEY has been accused of monitor trillions of privatecommunications‍ worldwide.

In the late 1990s, the existence of ECHELON was disclosed and triggered a major debate in brusselsand to a lesser extent in Congress. As part of efforts in the ongoing, vaguely defined, War on Terror since 2001, the FVEY further expanded their surveillance‍ capabilities.

Internet Backbone

The bulk of the current focus is placed on monitoring digital comms across the internet backbones and much if not all of the cables delivering the service have FVEY listeners at the receiving stations and national termination points and not just in the member countries.

The current face-off between the US and china in South East asia – aside from the sabre rattling over the Paracel & Spratly issue and Chinese territorial claims in the South China Sea – is who will get to deliver and therefore control the internet backbone to Cambodia, terminating in Sihanoukville.

That cable will service the needs of the region (Laos, Myanmar, Thailand, Vietnam, Cambodia, and unofficially parts of China, Malaysia, Indonesia and Singapore)

Snowden (Again)

NSAwhistleblower / traitor (depending on your viewpoint) edward snowden described the Five Eyes as asupranational‍ intelligence organisation that doesn’t answer to the known laws of its own countries”.

Snowden’s leaks revealed that the alliance were spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domesticregulations‍ on surveillance of sovereign nations’ citizens in “peace time”.

Again the definition of “peace time” and its current status is in the eye of the beholder so to speak.

The Main Surveillance Programs

The main surveillance programs jointly operated by the Five Eyes are:

  • PRISM‍ – Operated by the NSA‍ together with the GCHQ‍ and the ASD
  • XKEYSCORE‍ – Operated by the NSA with contributions from the ASD and the GCSB
  • Tempora‍ – Operated by the GCHQ with contributions from the NSA
  • MUSCULAR‍ – Operated by the GCHQ and the NSA
  • STATEROOM‍ – Operated by the ASD, CIA‍ , csec‍ , GCHQ, and NSA

END

Privacy‍ , National Security